Pro-Iranian Hackers Expand Targeting of US Critical Infrastructure as Cyber Chaos Escalates

Pro-Iranian hackers are expanding their operations beyond the Middle East and increasingly targeting critical infrastructure in the United States, according to cybersecurity experts and recent incidents. The attacks represent a significant escalation in Iran’s cyber warfare capabilities and pose growing risks to American defense contractors, power stations, and water plants.

Handala Claims Major US Attack

The pro-Iranian hacktivist group Handala claimed responsibility for a significant cyberattack against US medical device company Stryker on Wednesday. The group stated the attack was retaliation for suspected US strikes that killed Iranian schoolchildren, demonstrating how hacktivist groups are tying their operations directly to the ongoing conflict.

“What distinguishes this group is its clear focus on data destruction rather than financial extortion,” said Ismael Valenzuela, vice president of threat intelligence at Arctic Wolf. This aligns with Iran’s broader strategy of causing disruption rather than seeking profit.

Targets Expanding

Since the war began on February 28, Iranian-aligned hackers have:

  • Attempted to penetrate cameras in Middle Eastern countries to improve missile targeting
  • Targeted data centers throughout the region
  • Attacked industrial facilities in Israel
  • Compromised a school in Saudi Arabia and an airport in Kuwait
  • Targeted a nuclear research facility in Poland (under investigation)

Going forward, US defense contractors, government vendors, and businesses working with Israel are likely targets, along with hospitals, ports, water plants, power stations, and railways.

“Gloves Are Off”

Kevin Mandia, founder of cybersecurity companies Mandiant and Armadin, warned of the growing threat. “Something is going to happen because the gloves are off,” Mandia said, indicating that Iran’s cyber operators are now working without previous restraints.

The goal of these operations is to wear down the American war effort, drive up energy costs, strain cyber resources, and cause maximum pain for companies connected to the defense industry.

Easy Targets at Risk

Experts note that local water plants and healthcare facilities are particularly vulnerable because they often lack the resources to maintain proper cybersecurity hygiene. This makes them attractive targets both for their ease of penetration and for the panic their disruption can cause.

Former FBI and CIA officer Shaun Williams, now a senior director at SentinelOne, urged organizations to take immediate action: “Patch your systems. Ensure your firewalls and security solutions are up to date. Remove your stale accounts. All the cyber hygiene that you should be doing, it’s more critical now than ever. Prepare for disruption.”

Iran: The Chaos Agent

While Russia and China present the greatest cyber threats to the US, Iran has made up for limited resources with ingenuity. Iranian hackers have:

  • Impersonated American activists to encourage protests against Israel on college campuses
  • Set up fake news websites and social media accounts before US elections
  • Infiltrated the email system of the Trump campaign in 2024
  • Repeatedly targeted US water utilities

Why This Matters

The expansion of pro-Iranian cyber operations to target US infrastructure represents a significant escalation. Organizations—particularly those in the critical infrastructure and defense sectors—should immediately review their cybersecurity posture and prepare for potential attacks. The Telegram channels used by these groups openly discuss targeting US data centers and military communication systems, leaving little doubt about their intentions.

Source: AP News